VYPR

CWE-315

Cleartext Storage of Sensitive Information in a Cookie

Variant · Draft

Description

The product stores sensitive information in cleartext in a cookie.

Attackers can use widely available tools to view the cookie and read the sensitive information. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used and then decode the information.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-31 · CAPEC-37 · CAPEC-39 · CAPEC-74

CVEs mapped to this weakness (4)

  • CVE-2026-25818 · Critical · Mar 13, 2026
    risk 0.59 · cvss 9.1 · epss 0.00

    HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an attacker with a stolen session cookie to find the user password by brute-forcing an…

  • CVE-2024-8644 · High · Sep 27, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, JSON Hijacking (aka JavaScript Hijacking). This issue affects ValeApp: before v2.0.0.

  • CVE-2025-8528 · Low · Aug 4, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext storage of sensitive information in a cookie. It is possible to launch the attack…

  • CVE-2024-24768 · Feb 5, 2024
    risk 0.00 · cvss · epss 0.00

    1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version…